2018 in cybersecurity: Regrets, we have a few

Cybersecurity in 2018- This was the year security slips, privacy fails and outright stupidity went from bad to surreal. It was a year in which warnings went unheeded and companies lost whatever trust we gave them. It was a nesting doll of security disasters. A clown car of willful negligence. A long 12 months of totally unsexy, nonconsensual edge-play with our data.

There were cops unlocking iPhones with corpses. Australia mandated backdoors. Apple came out swinging against accusations they were infiltrated by Chinese spy chips. Japan’s Cybersecurity minister said he’s never used a computer. The head of DC’s top cyber think tank turned out to be a con man. A Russian spy claiming to be a cybersecurity aficionadofaked her way into the GOP and NRA.

All that, and it seemed like every business big and small had a breach or exposed our private data in some way. Here’s our roundup of the nuttiest fruitcakes no one wanted this year, but that we ended up getting anyway.

We didn’t vote for this: Election insecurity

Between the lack of action by officials to secure the midterms, to voting machine vulnerabilities gone wild, this was the year American election security went beyond critical.

At the yearly hacking conference DEF CON, the Voting Village flipped the script on voting machine makers (and those who benefit from their insecurity) by exposing the whole sordid mess. They bought surplus decommissioned machines on eBay to probe for vulnerabilities, which caused the makers to panic and try to stop researchers from getting their hands on the gear. The DEF CON event made headlines as researchers of all ages successfully hacked machines and simulations of election websites with terrifying ease — which got the researchers attacked by people who accused them of aiding foreign adversaries. Those working to fix the issues disagreed, to say the least.

DEF CON’s Voting Village then compiled a report of everything they found, as well as their conclusions about the issues in digital voting machines. The report was presented to lawmakers on Capitol Hill. Terrifyingly, the findings “highlighted a decade-old vulnerability in a ballot-counting machine used in more than half the states.” DEF CON founder Jeff Moss described “a ‘civil war’ going on at big US voting-equipment vendors between employees who want to proactively address security vulnerabilities and those who stubbornly oppose doing that.”

That was before the midterm elections. Also prior to the elections, ProPublica found that “The Election Assistance Commission has ceded its leadership role [in securing the elections]” and some officials told ProPublica that “EAC commissioner, Christy McCormick, was effectively thwarting election security efforts.” And Trump, unsurprisingly, just didn’t give a shit.

Then the elections happened. There were lots of problems, but perhaps the biggest was Brian Kemp hacking the Georgia election in his favor by doing everything possible to keep people from fixing the well-known security holes in his state’s system. Evil clown, away with you!

Read More Here

Article Credit: Engadget

The post 2018 in cybersecurity: Regrets, we have a few appeared first on erpinnews.